OK, so this is driving me mad and I'm obviously missing something. I've created a custom URL category in which I wish to drop URLs that will bypass SSL decryption. In this I want to use wildcards, so that all sites for a particular company can be bypassed. For the sake of example, let's say the site I want to get to unencrypted is https://www.microsoft.com In the URL category I've added *.microsoft.com using the wildcard EXACTLY as documented in the URL_Categorzation_PANOS-RevC.pdf document posted on this site. The custom URL category is then referenced in a rule in my Decryption policy, with action no-decrypt and type ssl-forward-proxy set appropriately Everything has then been committed back to the PANOS firewall. Result? URLs matching the wildcard are still being decrypted. The firewall is completely ignoring the bypass rule. Anyone got any idea why? The CLI "Test" command doesn't even recognise my custom URL categories, so that's no help. Firewall is running 5.0.5 Thanks in advance
... View more